ISO/IEC 27001 Reference to Certification and Use of Marks

This document provides basic information to organizations that have obtained ISO 27001 certification of their Information Security Management System (“Registrants”) regarding the authorized marketing of the certification and the use of the Insight Assurance ISO 27001 certification mark (the “Mark”). These requirements were previously agreed upon as a condition of Insight Assurance’s acceptance of the engagement. Please contact your Insight Assurance representative if you have any questions or concerns.

The Registrant shall conform to the reasonable and mutually agreed requirements of Insight Assurance when making reference to its certification status in communication media such as the Internet, brochures, advertising, or other documents. The reference must include identification of the certified client; the type of management system and the applicable standard; and the certification body (Insight Assurance) issuing the certificate.

The Registrant shall not make or permit any misleading statements regarding its certification. Furthermore, the Registrant shall not use or permit the use of a certification document, or any part thereof, in a misleading manner.

The Registrant shall, upon suspension or withdrawal of its certification, discontinue its use of all advertising matter that contains a reference to ISO 27001 certification and/or includes a Mark.

The Registrant shall amend all relevant advertising material when the scope of certification has been modified.

The Registrant shall not allow reference to its Information Security Management System certification to be used in such a way as to imply that Insight Assurance certifies a product, service, or process.

The Registrant shall not imply that the certification applies to activities that are outside the scope of registration.

The Registrant shall not use its certification in such a manner that would bring Insight Assurance and/or the certification system into disrepute or cause loss of public trust.

The Registrant shall use the Mark only in reference to the Information Security Management System certified by Insight Assurance.

The Registrant acknowledges that Insight Assurance has the right to suspend or withdraw certification if it finds that the Registrant has purposefully made incorrect references to the certification status or misleading use of certification documents, marks, or audit reports.

The Mark is a service mark of Insight Assurance. The Mark shall only be used during periods of active certification. The Mark may not be used in connection with any product or service that was not within the scope of the certification review, or in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Insight Assurance. Also, the Registrant shall not modify the form or color of any Mark provided by Insight Assurance.